How can freelancers prepare for the GDPR?

The GDPR has been a hot topic with the Collective in recent months. And rightly so. With the enforcement date rapidly approaching, the GDPR is going to affect all business owners – whether you are a freelancer, agency or global pharma company. So we should all be preparing now to ensure our compliance.

We’ve been supporting the Collective’s pool of freelancers prepare for the GDPR and in this blog post Carly, our Head of Making Things Happen, outlines some of the key things we’re doing ahead of the enforcement date based on our understanding of the guidance made available by the Information Commissioner’s Office (ICO).

So, grab a coffee and let’s get stuck in!

Okay. I’ve got my coffee and I’m listening. So, what is the GDPR?

The EU General Data Protection Regulation (GDPR) replaces the current Data Protection Directive 95/46/EC and has been designed to align data privacy laws across Europe, to protect our own data privacy and to reshape the way organisations across the region approach data privacy.

The GDPR applies to ‘personal data’. This means any information which can alone, or in combination with other information, result in the identification of the person to which the data is referring to. Think name, date of birth, address, email address, telephone number, bank details and IP address as a starter for ten. The GDPR also covers ‘special personal data’, including genetic and biometric data.

The enforcement date of the GDPR is the 25th May 2018. After this date businesses (including freelancers and sole traders) that are found to be non-compliant are liable to fines – as high as 20 Million Euros or 4% of global annual turnover, whichever is higher. But, don’t panic. The ICO has stated that “it’s scaremongering to suggest that we’ll be making early examples of organisations for minor infringements or that maximum fines will become the norm. This law is not about fines. It’s about putting the consumer and citizen first. We can’t lose sight of that.”

How can freelancers prepare for the GDPR?

Here are nine ways freelancers can prepare for the GDPR ahead of the enforcement date. If you are a health comms freelancer and haven’t started preparing yet, keep reading. These are the actions we are taking as a Collective, and have encouraged all of our freelancers to work through too.

1. Conduct a software and device audit

Getting a good handle on what data you have and how it is stored and processed is good practice under the current Data Protection Act as well as for the GDPR.

Your data audit should be reviewed regularly and updated as needed so that you always have a current picture of the data stored across your business.

Conducting this audit now means that you will have a clear understanding on what updates you need to make to be compliant with the GDPR and will enable you to take action quickly should you experience any data breaches.

Freelancers can prepare for the GDPR by listing the following (we’ve captured our information in a simple Excel spreadsheet).

1. What software do you use for your business? 

Include paper-based systems, cloud storage, Microsoft products, CRM systems, email accounts, mailing software, hosting providers, project management software etc. For each of these systems note what personal data they hold.

2. Who has access to these systems and data?

3. What permission do you have to store and use this data?

4. Where are the serves for each system you use located?

Does the software company intend to comply with the GDPR? You can find out more about the reason for this and what GDPR says about international transfer of data here. The bottom line is that, under the GDPR, businesses are prohibited from transferring personal data outside of the EU to a country that does not have adequate data protection. This includes the US. If the software you use transfers data to/stores data in the US, make sure the data is protected by the Privacy Shield to ensure compliance with GDPR.

5. What devices do you use to access these systems and data?

Who else has access to these devices?

2. Review the data you currently store

This is a good time to securely delete (or shred) any documents you no longer need or are legally required to keep and ensure the data you do hold is necessary and secure.

3. Encrypt your devices

Encryption is the only way to protect data that may be lost or stolen – for example if you lose a memory stick or laptop. Password protecting your devices is not enough, the data could easily be transferred to another machine and read.

If you aren’t sure how to encrypt your devices, find out. The below information may be helpful.

Encryption for:

4. Protect against viruses and malware

Install the appropriate software on all of your devices to protect against viruses and malware. Our Head of All Things Technical, James, recommends Sophos for Mac users.

It is also important to ensure you regularly install software updates. These are easy to ignore when we are busy working, but new updates fix issues that could potentially lead to software vulnerability.

5. Keep passwords secure

I can’t stress enough how important it is to keep your passwords secure and share them securely. Doing so can help to demonstrate that you are trying to protect the data you hold in every way possible. Passwords should be changed regularly to maintain their integrity.

Here are some steps you can take:

1. Set up a password manager.

I use both Lastpass and 1Password. These allow both secure password storage and sharing. If you have previously shared passwords with others and they a) haven’t been strong and unique and/or b) were not shared securely, you should change the passwords and re-share them securely as needed.

2. Ensure all of your passwords are strong and unique.

Both Lastpass and 1Password can generate passwords for you. Use this feature. Please do not use a password that has any reference to your name, date of birth, address or any other very obvious information! This is an example password generate by LastPass: SFTAD0C827y3i5un7uy4g6z1o2. This is what I mean by secure!

3. Enable two/multi-factor authentication (where possible).

6. Use a private VPN when working in public

Public WIFI is not secure and someone could easily intercept your data if you are using a shared network. When working on public WIFI (for example your local Starbucks) you should use a private, encrypted network.

I’ve opted for Tunnel Bear. But there are plenty of options reviewed in this TechRadar article.

7. Backup data securely

So, you’ve lost your laptop with all of your data on it. Including personal data. Right, now you need to inform those it might affect. Okay, this is not ideal. But at least you can find out whose data you had because you have a back-up, right? In the cloud? No? Hard Drive? No? Ah, it was only on your hard drive. Oh dear.

That’s right. Not only are backups a good idea should your computer break, but they are critical to being able to comply with the reporting and notification requirements of the GDPR should a data breach occur. You are required to notify anyone whose data may have been compromised as part of the breach and therefore may be at risk. Without a backup, it would be very difficult to do this.

We use both cloud and encrypted hard drive back up of our systems and data.

8. Review mailing lists and methods of consent

When preparing for the GDPR it is essential that you review your mailing lists to ensure they are compliant. In some cases, you will need to re-opt in those on your list.

Consider the following:

1. Were all of your signups collected via a double opt-in?

The double opt-in process includes two steps. In step 1, a potential subscriber fills out and submits your online signup form. In step 2, they’ll receive a confirmation email and click a link to verify their email. If your answer is no, can you prove that people gave their permission to be on your list (giving you their business card DOES NOT count!)? Personally, I would ask anyone who didn’t sign up via double opt-in to re-opt-in in advance of the enforcement of the GDPR. (Note: double opt-in is not specifically mentioned by the GDPR but it is the best way of proving that those on your mailing list gave their permission to be on it and consent is a big part of the regulations).

2. Are tick boxes for signup pre-ticked? 

Under the GDPR pre-ticked boxes are not permitted.

3. Is your opt-in positive?

Under the GDPR a positive opt-in is required (i.e. you can’t ask people to ‘tick here if you don’t want to be on the list’).

4. Is it clear when someone signs up what they are signing up for?

Under the GDPR, saying those who sign up will receive your ‘newsletter’ isn’t adequate – you need to be specific about what communication they are signing up for. How often will they receive your newsletter? What information will it contain?

5. Can an email subscriber easily unsubscribe? 

All of your emailers should have a clear unsubscribe button.

Further information on consent can be found on the ICO website. Mailchimp also has a guide on the GDPR and mailing lists. If you use another mailing software, it’s worth checking their specific advice too.

9. Update privacy policies

It’s good practice to review and refine policies and procedures regularly, but your privacy policy (usually housed on a company’s website) is definitely one you’ll need to review ahead of the GDPR.

The ICO’s Privacy Notices Code of Practiceis a good place to start and includes information on privacy notices under the GDPR.

Liz Henderson’s LinkedIn article also breaks this down in simple language and provides an example GDPR compliant policy.

And that is how we are preparing for the GDPR…for now. I say for now because we fully expect that as we edge closer to, and even beyond, the enforcement date we’re likely to receive new advice and best practice guidance. 

We hope this was a useful insight into what the regulations are all about and how you can start preparing for the GDPR ahead of the May enforcement date.

About the Author

Carly is Head of Making Things Happen at The Difference. She is an accomplished executive assistant and marketing expert with nearly 10 years’ experience in the healthcare communications industry. She has also worked remotely for the past three years and brings valuable expertise and insight to our #WorkDifferently culture.

Or say hello to us on social media…

Louise Watson

Consumer & Wellbeing Brand Marketing

I have 25 years of consumer and corporate brand-building experience gained working in global network agencies. I am a creative strategist at heart and my client experience across wellbeing, nutrition-marketing and health includes leading award-winning work for Bayer Consumer Health, Kellogg’s, P&G and Unilever. My most recent experience includes 3 years as Chair of Consumer Marketing EMEA at Weber Shandwick where I led the regional client service community and a 12-month contract with Ogilvy leading integrated campaigns.

An impassioned problem-solver, Louise enjoys bringing an audience-centric approach to client issues in order to solve business challenges through strategic communications.

I also lead communication for TEDx Kingston, one of the UK’s largest and most preferred events of its kind.

Elspeth Massey

Charity & Patient Groups

I started my career as a journalist working on the newsdesk of ITV Meridian where I honed by skills as a storyteller. Since then I’ve spent the last ten years leading comms teams in three national health charities, including The Stroke Association, Samaritans and Beating Bowel Cancer. I’ve developed and delivered cut-through campaigns that have driven the profile of organisations, achieved wide-spread media relations coverage and subsequent policy change. I’ve loved getting important causes the attention they deserve.

Alex Harrison

Corporate Communications

I am a healthcare communications specialist with 20 years’ experience working both in-house and for a leading agency and experience developing and delivering successful communication, corporate responsibility and employee engagement strategies. I have a proven track record of providing external and internal communications strategic advice to all levels including CEOs of major corporations and patient groups. I previously worked at GSK in the communications function in various global roles initially as the Financial and Corporate Media Director, and latterly as the Director of Activation for the GSK Save the Children partnership. During this role I was responsible for the internal and external communications strategy and employee engagement campaign for the company’s global partnership.  

Ali Perkins

Leadership Communications

I am is an experienced business and communications leader with over 25 years’ experience in large corporate, small and start up organisations. Key roles have included Global Head of R&D communications for Astra Zeneca, as well as over eight years at Microsoft heading up the UK communications team and as Director of Privacy and Social Media Strategy. 

I have extensive experience of strategic communications, brand and reputation, business planning and restructuring, change management, employee engagement and crisis / issues management. I am comfortable working with and advising the most senior business leaders, often on complex and sensitive issues.

Angie Wiles

Founder & Head of Collectivity

I’ve been passionate about healthcare communications and the ‘difference’ we can make to patients’ lives for over 30 years now. I thrive on collaborative creative working and believe the freedom to choose to work in a way that best suits a person’s lifestyle produces the absolute best results in terms of productivity and creativity. The Difference Collective brings together the best independent senior talented consultants in the business who want to work differently but still benefit from the support and camaraderie of an agency community that has been purpose built to work virtually.

Anna Gray

Prescription PR

I’m a trusted senior PR professional with over 20 years’ experience of healthcare communications. I’ve held senior positions in agencies for over 13 years and have extensive experience of leading brand and therapy area communications, internal and change communications, issues management, patient advocacy and awareness campaigning, patient involvement, content development, stakeholder mapping and development and media relations (traditional and social). My strengths lie in seeing the bigger picture while keeping an eye on the detail and strong relationship skills. I have a real interest in learning and maintaining health and wellness and am currently studying for a post-graduate diploma in Nutritional Therapy with the Institute for Optimum Nutrition in London.

Becky Jones

Medical Education UK/EU

I am a medical communications expert with extensive knowledge and over 25 years’ experience in the Pharmaceutical Industry. I am innovative and skilled at translating scientific and technical language into clear and simple messages for specific healthcare professional audiences and understand the need to incorporate strategic focus and deliver relevant and compelling stories. Delivering projects for the UK Market as well as Europe, Australia and Canada, Becky has worked with healthcare agencies and companies such as Bayer, Eli Lilly, Napp, Gilead, Mundipharma and Novo Nordisk, I have worked across many therapeutic areas, but is passionate about diabetes, cardiovascular disease, and obesity. And as an advocate of expert to expert communications, I am adept at building and establishing trusted partnerships and collaborations and have a strong network of high-profile thought leaders.

Candida Halton

Behavioural Psychology

I am a healthcare communications specialist with 20 years’ experience working both in-house and for a leading agency and experience developing and delivering successful communication, corporate responsibility and employee engagement strategies. I have a proven track record of providing external and internal communications strategic advice to all levels including CEOs of major corporations and patient groups. I previously worked at GSK in the communications function in various global roles initially as the Financial and Corporate Media Director, and latterly as the Director of Activation for the GSK Save the Children partnership. During this role I was responsible for the internal and external communications strategy and employee engagement campaign for the company’s global partnership.  

Charlie Hobson

Copywriting

I’m a marketing professional turned content writer who’s worked with clients in a range of industries including healthcare over the last 20 years. I’m commercial in approach so working on projects with clear outcomes and KPIs really appeals to me. In The Difference Collective, I’m energised by working with different clients and team members who are real experts in their fields, so we spark off each other creatively. I like that projects get moving fast – we’re hands-on quickly, without the pitches and politics.

Charlotte Messer

Consumer Health PR

I have worked in PR for over 25 years, a career that has been varied and exciting.  Having worked in a variety of sectors, healthcare is the area that I am most passionate about and where I feel most proud and pleased to be making a real difference. After working for agencies and in-house I decided that I wanted to have more control over the way I worked. For me, this meant working in an agile way with talented freelancers so I could ensure clients got to work with the very best people, with teams tailored to each project. I was invited to join The Difference Collective this year, which brings exceptional PR professionals together who all share the same ‘brilliance’ ethos. I am proud to be part of such a great team.

Clare Evans

Global Communications

I’ve worked in the biopharmaceutical industry for over 20 years, both in-house and in agencies including leading UK, EU, Global and regional communications teams at Novartis (Switzerland), Roche (Switzerland) and AstraZeneca (UK and U.S.) in areas such as cardiovascular disease, diabetes, manufacturing, supply and quality assurance, neuroscience, and infectious disease. My focus areas are executive and leadership communications, issues and crisis communications, change management, strategy development, and scientific/product data and launch communications. My experience includes leading the Global communications for the 2009 H1N1 pandemic for Roche HQ in Switzerland and managing issues related to the Japan earthquake and tsunami in 2011, from an employee, governmental, manufacturing and product perspective. I am also a qualified pharmacy technician and previously worked in hospital pharmacies in London and Kent ranging from dispensing OTC and prescription medicines to making chemotherapy for patients

Hugh Gosling

Pharma Content & Insight

Having completed a pharmacology degree and journalism post-grad, I have spent 20+ years writing, editing and managing content and editorial projects in healthcare/pharma. I have worked at independent media organizations (notably as Editor of several industry-leading publications), in-house at global pharmaceutical companies, and within creative agencies. I now bring this broad experience to shape content of all types and formats.

In recent months, I have worked on white papers, in-depth reports, patient-focused materials, corporate slide decks and position papers, blogs/articles, technical papers, sales leaflets and HCP training toolkits. I specialise in advising on and delivering high-quality content, with a particular interest in thought-leading content that delivers real value and insight.

Wayne Page

Digital Communications

I served as CEO of one of the most innovative and successful independent digital healthcare agencies in the UK (big pink) for 15 years, leading a team of experts in creating and implementing some of the most impactful global digital healthcare campaigns for some of the biggest brands in the pharmaceutical market. I played a pivotal role in establishing Pfizer’s first EUCAN (EU and Canadian) digital strategy and created and implemented an innovative ‘digital acceleration programme’ to drive rapid uptake of this new approach. For five years, across 22 markets, big pink under my guidance, led the development and execution of Seretide’s global brand strategy (and tactics) as Agency of Record.

Jo Willey

Media Strategy

I’m a storyteller and story creator, passionate about uncovering that killer “line” I know will be irresistible for journalists and their audiences. I have worked as a journalist on national newspapers for 20 years, latterly at the Daily Express where, as Health Editor, I led the newspaper’s health and science coverage which included three or four front pages a week. I have also written for – and continue to write for as a freelance – titles including the Daily Mail, The Times, The Sun, The Mail on Sunday and The Mirror. After leaving the Daily Express in 2014 I set up my successful consultancy Jo Willey Media, and am now a highly sought after communications specialist working with PR agencies, pharmaceutical companies, businesses and charities offering services including media strategy, storytelling and content development, media training and I am an expert facilitator of advisory boards, meetings and workshops.

Jo Williams

Social Media

I am a highly experienced healthcare marketing consultant who has worked in both client-side and agency roles for over 20 years. My knowledge and experience spans the breadth of the marketing discipline but has particular expertise in strategy development and multi-channel marketing. As well as helping to launch and build successful brands for many of the top 10 pharmaceutical companies, I have delivered numerous projects in the areas of corporate reputation, customer experience, insight development, and social media marketing. I worked as a Senior Client Director for one of the largest healthcare insights and consulting agencies, before going freelance in 2017. I am driven by curiosity, a passion for learning and a drive to keep on top of the latest trends in marketing.  

Julie Saunders

Internal Communications & Change Management

I’ve spent over 20 years working in communications functions of pharmaceutical companies and in global healthcare communications consultancies, which has given me a unique perspective on the intricacies of communication across the healthcare environment. Now, as an independent healthcare communications consultant, I focus on communication strategies, stakeholder mapping, leadership counsel, product and corporate communications and internal communication. I am particularly passionate about working with the pharmaceutical industry to make the concept of patient centricity meaningful, and not just a ‘buzzword’! Joining The Difference Collective has given me an amazing connection with a network of very talented and supportive peers, broadening my client offering through collective, efficient expertise.

Lisa Harper

Virtual Working

I’m a healthcare communications consultant with over 15 years of experience. I worked at two highly respected PR agencies for over nine years before taking the plunge and becoming a freelancer. I’ve worked with GSK, Roche, AstraZeneca and Pfizer. The Difference is empowering; it brings us together in a virtual space where we can focus on delivering top-quality work for clients with the support and resources of the wider Difference community. I love the pace and immediacy and enjoy getting up to speed on new therapy areas and assignments in record time.

Liz Adams

Media Relations

With nearly 20 years of healthcare communications and PR experience behind me, I provide detailed insights into the media landscape and client campaigns. I take pride in devising strategies that will breakdown the barriers to patient understanding and empower them to take action when needed. Health matters. Compelling campaigns allow patients to present quicker, access treatment faster, meaning families stay together for longer and lives can be lived. The Difference Collective is a dream team of talent that takes healthcare communications to another level.

Michelle Healy-Thomas

Design

I am passionate about typography and communicating clever ideas through inspired design. Over the last 10 years, I have successfully worked with a broad range of clients encompassing health and life sciences, beauty, energy, telecommunications and the financial sectors. My client experience includes Sony Ericsson, Great Ormond Street, Dresdner bank, Alliance Boots, Liverpool Victoria and Virgin Media. I have won ‘Design Effectiveness’ Awards for my work on Boots Laboratories and Vitol Energy and am a member of the Chartered Society of Designers, sitting on the judging panel for Corporate design. 

Rod Cartwright

Crisis & Issues Management

I am a strategic communication consultant working with agencies and in-house teams to deliver personal communication preparedness and organisation resilience. I bring a 25-year global PR agency pedigree working with market leaders including Ketchum (Global Corporate Practice Director), Text100 (EMEA Regional Director), Hill & Knowlton Strategies (Director) and GCI (Director) to drive lasting reputational growth and business change.

My focus is on issues management & crisis communication; leadership communication & executive preparedness; thought leadership & corporate reputation; and strategic problem-solving & facilitation. I have considerable expertise across ethical healthcare, OTC, consumer health and medical devices and has worked for healthcare clients including Takeda, Roche Diagnostics, Pfizer Consumer Health, Medtronic, Macmillan Cancer Support, Medco, Allergan and the Motor Neurone Disease Association.

Over the course of my career, I have taken on all that global news events such as the disappearance of Malaysia Airlines’ MH370 and the airline’s subsequent sovereign-led restructuring can throw at you.

Stuart Mayell

Creative & Strategy

I’m a Creative Director with 22 years of undimmed curiosity about health and science. I’ve contributed the insights, innovation and ideas that have opened up opportunities for hundreds of businesses. If you need impact, whether with words, brands or strategy, I can help. I’ve led multi-disciplinary teams across design, video, copywriting, digital and development. In my time in the healthcare communications industry I’ve worked across all main medical specialities, however I have particular experience and interest in oncology, medical technology and vaccines. The Difference offers me the perfect platform to advocate for creativity as the answer to many of society’s greatest health challenges; and the tool to help businesses succeed.

Susan Cuozzo

Medical Education Global

I am an award-winning medical education specialist, accredited publication planner (ISMPP CMPP) and medical writer with a 20+ year track record of creating strategic scientific communications. I have led medical writing and editorial teams across therapeutic areas on global and US accounts for agencies based in NYC. I have worked on over 20 drug launches including agents given fast-track designation by the FDA. I am adept at applying adult learning principles to maximize engagements with any HCP audience and have designed and moderated over 100 advisory board meetings and workshops. My passion is working with thought leaders to bring data to life to ultimately improve patient outcomes. In 2017 I was recognised by Pharma Marketers 360 magazine with an ELITE award for Transformational Leadership and by PharmaVOICE as one of the 100 most inspirational people in the life sciences industry.

Vicki Harper

Client Management

I have been in communications and marketing for over 20 years, working with UK and global agencies. I have well-honed client service skills with an insight-first approach that enable me to craft and deliver effective healthcare communications campaigns with a clear strategy and a defined purpose, delivered on time and within budget. I am attuned to the need to add genuine value to my clients and committed to delivering meaningful results that make a difference. In recent years, I have created global digital influencer and partnership programmes supporting women’s health, as well as consumer healthcare brands, enabling them to reach new audiences and online communities alongside PR. I am adept at managing and delivering complex multiple-territory campaigns for large and small-scale organisations, across public, private and the third sector with a background spanning pharmaceutical and healthcare companies, women’s health, healthcare charities, sports & wellbeing brands and social enterprise.

Louise Watson

Consumer & Wellbeing Brand Marketing

I have 25 years of consumer and corporate brand-building experience gained working in global network agencies. I am a creative strategist at heart and my client experience across wellbeing, nutrition-marketing and health includes leading award-winning work for Bayer Consumer Health, Kellogg’s, P&G and Unilever. My most recent experience includes 3 years as Chair of Consumer Marketing EMEA at Weber Shandwick where I led the regional client service community and a 12-month contract with Ogilvy leading integrated campaigns.

An impassioned problem-solver, Louise enjoys bringing an audience-centric approach to client issues in order to solve business challenges through strategic communications.

I also lead communication for TEDx Kingston, one of the UK’s largest and most preferred events of its kind.